CVE-2022-21642

Discourse is an open source platform for community discussion. In affected versions when composing a message from topic the composer user suggestions reveals whisper participants. The issue has been patched in stable version 2.7.13 and beta version 2.8.0.beta11. There is no workaround for this issue and users are advised to upgrade.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:*:*:*:*

History

12 Jan 2022, 20:17

Type Values Removed Values Added
CWE CWE-200
CVSS v2 : unknown
v3 : unknown
v2 : 4.0
v3 : 4.3
References (CONFIRM) https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6 - (CONFIRM) https://github.com/discourse/discourse/security/advisories/GHSA-mx3h-vc7w-r9c6 - Patch, Third Party Advisory
References (MISC) https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa - (MISC) https://github.com/discourse/discourse/commit/702685b6a06ae45a544fc702027f1e4573d94aaa - Patch, Third Party Advisory
CPE cpe:2.3:a:discourse:discourse:2.8.0:beta5:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta6:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta9:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta7:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta10:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta8:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:*:*:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta4:*:*:*:*:*:*
cpe:2.3:a:discourse:discourse:2.8.0:beta3:*:*:*:*:*:*

05 Jan 2022, 19:16

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-05 19:15

Updated : 2024-02-04 22:08


NVD link : CVE-2022-21642

Mitre link : CVE-2022-21642

CVE.ORG link : CVE-2022-21642


JSON object : View

Products Affected

discourse

  • discourse
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor